The questions provided below are not sourced from any question bank. They are designed to assess your knowledge across various domains in cybersecurity. While these questions can be utilized as practice for a range of certifications, including but not limited to Security+, CISSP, and CISM, it’s important to note that they are generic. The format of questions and answers for a specific exam might differ from the format presented here.<\/p>\n\n\n\n
RSA<\/strong> is an asymmetric encryption algorithm, meaning it uses a pair of keys (public and private) for encryption and decryption.<\/p>\n\n\n\n IPS (Intrusion Prevention System)<\/strong> analyzes traffic in real-time and takes action based on policies, such as blocking malicious content.<\/p>\n\n\n\n A false positive<\/strong> is an alert that incorrectly indicates the presence of a threat.<\/p>\n\n\n\n A fingerprint scanner<\/strong> falls under “Something you are” because it reads a physical characteristic of the user.<\/p>\n\n\n\n Integrity<\/strong> ensures that data remains unchanged during storage or transmission, preventing unauthorized tampering.<\/p>\n\n\n\n A honeypot<\/strong> is designed to attract and divert attackers from the main systems, acting as a decoy.<\/p>\n\n\n\n Tailgating<\/strong> is when an unauthorized person follows an authorized person into a secure area, so it concerns physical access controls<\/strong>.<\/p>\n\n\n\n During the Verification phase<\/strong> of the SDLC, security testing primarily occurs to ensure the software is secure before deployment.<\/p>\n\n\n\n A CSIRT’s primary purpose<\/strong> is to respond to and manage security incidents when they occur.<\/p>\n\n\n\n Answer:<\/strong> c) Data integrity and confidentiality Answer:<\/strong> c) MITM (Man in the Middle) Answer:<\/strong> c) TCP Answer:<\/strong> b) Symmetric Answer:<\/strong> b) Maintain business operations during incidents Answer:<\/strong> c) Full Disk Encryption (FDE) Answer:<\/strong> a) Zero-day Answer:<\/strong> c) RBAC (Role-Based Access Control) Answer:<\/strong> b) Trojan Answer:<\/strong> c) Zeroization Answer:<\/strong> c) Sharding Answer:<\/strong> b) SFTP Answer:<\/strong> b) Integrity Answer:<\/strong> a) VPN Answer:<\/strong> a) Static Testing Answer:<\/strong> b) HTTPS Answer:<\/strong> b) GDPR Answer:<\/strong> b) Separation of Duties Answer:<\/strong> b) Random data appended to passwords before hashing Answer:<\/strong> c) Digital certificates Answer:<\/strong> b) Phishing Attack Answer:<\/strong> b) Detecting and alerting about potential intrusions Answer:<\/strong> c) Stateful Firewall\n
Network Security<\/strong>:
Which of the following devices specifically analyzes traffic for malicious content and can block specific content based on policy?
a) Router
b) Switch
c) IDS
d) IPS<\/summary>\n\n
Threats & Vulnerabilities<\/strong>:
A security administrator receives an alert from a system. Upon investigation, it is determined that there is no actual threat. What type of alert is this?
a) True negative
b) True positive
c) False negative
d) False positive<\/summary>\n\n
Risk Management<\/strong>:
Which process is primarily concerned with identifying vulnerabilities and threats and assessing their potential impact?
a) Risk acceptance
b) Risk mitigation
c) Risk transference
d) Risk assessment<\/summary>\n\n
\n
Identity & Access Management<\/strong>:
Which authentication factor category does a fingerprint scanner belong to?
a) Something you know
b) Something you have
c) Something you are
d) Somewhere you are<\/summary>\n\n
Security Architecture & Design<\/strong>:
Which of the following concepts ensures that data is not altered or tampered with during transit?
a) Availability
b) Integrity
c) Confidentiality
d) Authentication<\/summary>\n\n
Security Operations<\/strong>:
Which of the following best describes a honeypot?
a) A system used to distract attackers from critical systems
b) A patch applied to a software vulnerability
c) A secure area of a network where sensitive data is stored
d) A tool for encrypting data in transit<\/summary>\n\n
Physical Security<\/strong>:
Tailgating is a concern for which of the following security controls?
a) Logical access controls
b) Firewalls
c) IDS systems
d) Physical access controls<\/summary>\n\n
Application Security<\/strong>:
During which phase of the Software Development Life Cycle (SDLC) is security testing primarily performed?
a) Requirements phase
b) Design phase
c) Implementation phase
d) Verification phase<\/summary>\n\n
Incident Response<\/strong>:
Which of the following best describes the primary purpose of a Computer Security Incident Response Team (CSIRT)?
a) To develop and maintain an organization\u2019s security policy
b) To conduct routine security audits
c) To respond to and manage security incidents
d) To implement security infrastructure<\/summary>\n\n
\n\n\n\nPractice 2<\/h2>\n\n\n\n
What is the primary purpose of using HTTPS over HTTP?<\/strong>
a) Faster data transmission
b) Improved website layout
c) Data integrity and confidentiality
d) Higher availability<\/summary>\n
Explanation:<\/em>
HTTPS ensures data integrity and confidentiality through SSL\/TLS encryption.
HTTP offers no encryption, thus exposing data to potential eavesdropping.
Faster data transmission and improved website layout are not functions of HTTPS.
Availability refers to system uptime, not data security.<\/p>\n\n\n\nWhich type of attack involves intercepting communication between two parties without their knowledge?<\/strong>
a) Phishing
b) DDoS
c) MITM (Man in the Middle)
d) Brute Force<\/summary>\n
Explanation:<\/em>
MITM attacks involve an attacker secretly intercepting and possibly altering the communication between two parties.
Phishing is a type of scam targeting users to gain personal information.
DDoS attacks flood services with traffic, causing unavailability.
Brute Force attacks attempt multiple password combinations to gain unauthorized access.<\/p>\n<\/details>\n<\/details>\n\n\n\nWhich protocol operates at the transport layer and offers connection-oriented communication?<\/strong>
a) ICMP
b) UDP
c) TCP
d) ARP<\/summary>\n
Explanation:<\/em>
TCP provides connection-oriented communication and operates at the transport layer.
ICMP is used for error reporting and diagnostics.
UDP offers connectionless communication.
ARP is used for IP to MAC resolution.<\/p>\n<\/details>\n\n\n\nWhich cryptographic method uses the same key to encrypt and decrypt data?<\/strong>
a) Asymmetric
b) Symmetric
c) Hash function
d) Digital signature<\/summary>\n
Explanation:<\/em>
Symmetric encryption uses the same key for both encryption and decryption.
Asymmetric encryption uses a pair of keys: one for encryption and one for decryption.
Hash functions generate a fixed-size string of bytes, typically a digest.
Digital signatures provide authentication, integrity, and non-repudiation.<\/p>\n<\/details>\n\n\n\nWhat is the primary goal of a Business Continuity Plan (BCP)?<\/strong>
a) Detect cyber attacks
b) Maintain business operations during incidents
c) Recover lost data
d) Test network vulnerabilities<\/summary>\n
Explanation:<\/em>
The BCP focuses on ensuring business operations continue during and after incidents.
Detecting cyber attacks is more associated with IDS\/IPS systems.
Recovering lost data is a focus of a Disaster Recovery Plan (DRP).
Testing network vulnerabilities is part of penetration testing.<\/p>\n<\/details>\n\n\n\nWhat technology can best ensure data at rest encryption on a hard drive?<\/strong>
a) Firewall
b) WAF (Web Application Firewall)
c) Full Disk Encryption (FDE)
d) Proxy<\/summary>\n
Explanation:<\/em>
FDE ensures that all data on a hard drive is encrypted.
Firewalls and Proxies are designed to manage and monitor network traffic.
WAF protects web applications from targeted attacks.<\/p>\n<\/details>\n\n\n\nWhich of the following terms best describes a vulnerability in software that is unknown to its creator?<\/strong>
a) Zero-day
b) Open source
c) Backdoor
d) Logic bomb<\/summary>\n
Explanation:<\/em>
Zero-day refers to a software vulnerability that is unknown to those who should be interested in mitigating the vulnerability.
Open source refers to software with publicly accessible source code.
A backdoor provides an alternative way of accessing a system.
A logic bomb is malicious code that executes in response to certain conditions.<\/p>\n<\/details>\n\n\n\nWhat type of access control is based on job roles within an organization?<\/strong>
a) MAC (Mandatory Access Control)
b) DAC (Discretionary Access Control)
c) RBAC (Role-Based Access Control)
d) Rule-Based Access Control<\/summary>\n
Explanation:<\/em>
RBAC assigns permissions based on roles within an organization.
MAC labels data and grants access based on those labels.
DAC allows users to grant permissions on their own data.
Rule-Based Access Control provides access based on a set of predefined security rules.<\/p>\n<\/details>\n\n\n\nWhich malware type disguises itself as legitimate software to deceive users?<\/strong>
a) Worm
b) Trojan
c) Virus
d) Ransomware<\/summary>\n
Explanation:<\/em>
Trojans present themselves as legitimate software but hide malicious functionalities.
Worms replicate themselves to spread across networks.
Viruses attach to files and require user intervention to spread.
Ransomware encrypts user data and demands payment for decryption.<\/p>\n<\/details>\n\n\n\nWhich of the following is a common method for securely erasing data from a storage device so that it cannot be easily recovered?<\/strong>
a) Defragmentation
b) Formatting
c) Zeroization
d) Compression<\/summary>\n
Explanation:<\/em>
Zeroization involves overwriting storage sectors with zeros, rendering the original data virtually irrecoverable.
Defragmentation rearranges fragmented data to make a drive operate more efficiently.
Formatting prepares a storage device for use and may not securely erase all data.
Compression reduces the size of files but does not erase them.<\/p>\n\n\n\n
\n<\/details>\n\n\n\n
\n\n\n\nPractice 3<\/h2>\n\n\n\n
1. What concept involves splitting data into pieces and distributing it across multiple locations?<\/strong>
a) De-identification
b) Data Masking
c) Sharding
d) Tokenization<\/summary>\n
Explanation:<\/em>
Sharding involves splitting data and distributing it to enhance performance and manageability.
De-identification involves anonymizing data to protect privacy.
Data Masking obfuscates specific data within a database.
Tokenization replaces sensitive elements with non-sensitive equivalents.
<\/p>\n<\/details>\n\n\n\n2. Which of the following protocols provides secure file transfer capabilities?<\/strong>
a) FTP
b) SFTP
c) HTTP
d) SNMP<\/summary>\n
Explanation:<\/em>
SFTP provides secure file transfer capabilities using secure shell (SSH).
FTP is a standard network protocol for file transfer but is not secure.
HTTP is used for transmitting hypertext requests and is also not secure.
SNMP is used for managing devices on IP networks.
<\/p>\n<\/details>\n\n\n\n3. Which security concept ensures that modifications to data are not made without detection?<\/strong>
a) Authentication
b) Integrity
c) Availability
d) Confidentiality<\/summary>\n
Explanation:<\/em>
Integrity ensures that data remains unchanged from its source during storage or transmission.
Authentication confirms an entity’s identity.
Availability ensures that resources are accessible when needed.
Confidentiality prevents unauthorized access to data.
<\/p>\n<\/details>\n\n\n\n4. Which technology ensures the confidentiality of data in transit over unsecured networks, such as the internet?<\/strong>
a) VPN
b) NIDS
c) Firewall
d) Antivirus<\/summary>\n
Explanation:<\/em>
VPN (Virtual Private Network) ensures confidentiality and secure data transmission over unsecured networks.
NIDS (Network Intrusion Detection System) monitors network traffic for suspicious activity.
Firewalls protect networks by controlling internet traffic.
Antivirus software protects against malicious software.
<\/p>\n<\/details>\n\n\n\n5. What type of security testing involves analyzing code without executing it?<\/strong>
a) Static Testing
b) Dynamic Testing
c) Stress Testing
d) Penetration Testing<\/summary>\n
Explanation:<\/em>
Static Testing involves analyzing code without executing it, focusing on code, design, and documentation.
Dynamic Testing involves analyzing code by executing it.
Stress Testing tests system performance under unfavorable conditions.
Penetration Testing assesses a system\u2019s ability to withstand attacks.
<\/p>\n<\/details>\n\n\n\n6. Which protocol uses port 443 by default?<\/strong>
a) HTTP
b) HTTPS
c) FTP
d) SSH<\/summary>\n
Explanation:<\/em>
HTTPS uses port 443 by default and ensures secure, encrypted communication over the web.
HTTP uses port 80 and is unsecured.
FTP (File Transfer Protocol) uses ports 20 and 21.
SSH (Secure Shell) uses port 22.
<\/p>\n<\/details>\n\n\n\n7. Which regulatory legislation concerns the protection of personal data for EU citizens?<\/strong>
a) HIPAA
b) GDPR
c) FISMA
d) SOX<\/summary>\n
Explanation:<\/em>
GDPR (General Data Protection Regulation) protects the personal data of EU citizens and applies to organizations handling such data.
HIPAA (Health Insurance Portability and Accountability Act) relates to healthcare information in the USA.
FISMA (Federal Information Security Management Act) applies to US federal agencies.
SOX (Sarbanes-Oxley Act) concerns financial information for publicly traded companies in the USA.
<\/p>\n<\/details>\n\n\n\n8. Which principle of information security requires that no single individual should have complete control over a process or system?<\/strong>
a) Principle of Least Privilege
b) Separation of Duties
c) Defense in Depth
d) Open Design<\/summary>\n
Explanation:<\/em>
Separation of Duties involves distributing tasks and privileges among multiple people, which reduces the risk of a single point of failure or misuse.
The Principle of Least Privilege entails granting only the minimum levels of access \u2014 or permissions \u2014 needed to accomplish tasks.
Defense in Depth implements multiple layers of security controls.
Open Design assumes the system’s security does not depend on its architecture being secret.
<\/p>\n<\/details>\n\n\n\n9. Which of the following best describes a cryptographic salt?<\/strong>
a) A password
b) Random data appended to passwords before hashing
c) An encryption algorithm
d) A secret key used for symmetric encryption<\/summary>\n
Explanation:<\/em>
A cryptographic salt is random data that is combined with a password before the resulting data is subjected to a cryptographic hash function. This method helps defend against dictionary attacks and pre-computed rainbow table attacks by creating unique hashes, even if users have identical passwords.
A password is a secret word or string of characters used for user authentication.
An encryption algorithm is a method used to transform readable data into unreadable data.
A secret key used for symmetric encryption does not describe a cryptographic salt.
<\/p>\n<\/details>\n\n\n\n10. Which of the following is a feature of Public Key Infrastructure (PKI)?<\/strong>
a) Key exchange
b) Hash function
c) Digital certificates
d) Antivirus scanning<\/summary>\n
Explanation:<\/em>
PKI (Public Key Infrastructure) involves the use of digital certificates to establish a hierarchy of trust, facilitating the secure exchange of keys and providing a framework that manages digital keys and certificates.
Key exchange refers to the process of exchanging cryptographic keys between entities, which can be part of the PKI but is not a feature per se.
A hash function is a cryptographic function but not a PKI feature.
Antivirus scanning is unrelated to PKI and pertains to malware detection and prevention.<\/p>\n<\/details>\n\n\n\n
\n\n\n\nPractice 4<\/h2>\n\n\n\n
1. In which type of attack does the attacker disguise themselves as a trusted entity to deceive victims?<\/strong>
a) Replay Attack
b) Phishing Attack
c) Brute Force Attack
d) Salting<\/summary>\n
Explanation:<\/em>
Phishing attacks involve attackers disguising themselves as trusted entities, often through email or other communication forms, to deceive victims into revealing sensitive information.
Replay attacks involve capturing and resending data.
Brute force attacks involve trying multiple combinations to gain access.
Salting is a cryptographic technique, not an attack.<\/p>\n<\/details>\n\n\n\n2. What best describes the primary purpose of an Intrusion Detection System (IDS)?<\/strong>
a) Preventing malicious traffic from entering a network
b) Detecting and alerting about potential intrusions
c) Encrypting data in transit
d) Auditing and logging all network traffic<\/summary>\n
Explanation:<\/em>
An IDS monitors networks for malicious activities or policy violations and produces reports to a management station.
Preventing malicious traffic from entering a network:<\/strong> More the role of a firewall or an IPS (Intrusion Prevention System).
Encrypting data in transit: Encryption’s job, not the function of IDS.
Auditing and logging all network traffic: While IDS may log events, its primary purpose isn’t to log all network traffic.<\/p>\n<\/details>\n\n\n\n3. Which type of firewall filters traffic based on the state of the connection?<\/strong>
a) Packet-Filtering Firewall
b) Proxy Firewall
c) Stateful Firewall
d) Application Firewall<\/summary>\n
Explanation:<\/em>